I found this Nimda Whacker somewhere, maybe it would help:
<%
'Custom404.asp page to thwart Nimda DoS attacks on IIS
'by Humankind Systems, Inc. http://hksi.net/
'No support or guarantees of any kind are granted with this
'code. Use at your own risk. Distribute freely.
'Get the entire URL requested
myRequest=Request.ServerVariables("QUERY_STRING")
'A list of filenames Nimda looks for
myBadList="cmd.exe,root.exe,admin.dll,default.ida"
'Detect a GET request from the Nimda virus and take appropriate action
arrBadString=Split(myBadList,",")
for i=0 to UBound(arrBadString)
if inStr(myRequest,arrBadString(i))>0 then
'turn offending server back on itself
Response.redirect "http://127.0.0.1";
end if
next
%>
Also Nortons'
http://www.symantec.com/avcenter/venc/data/codered.removal.tool.html
has a free bug be gone tool for the CodeRed problem.
~Rick
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:IMail_Forum-owner@;list.ipswitch.com]On Behalf Of Todd Holt
> Sent: Wednesday, October 23, 2002 11:33 AM - MGMT
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] IWEBMSG: 'no action has been taken'
>
>
> You could run Apache if you feel more comfortable with *NIX. :-)
>
> Todd
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:IMail_Forum-owner@;list.ipswitch.com]On Behalf Of Dave Koontz
> Sent: Wednesday, October 23, 2002 11:21 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] IWEBMSG: 'no action has been taken'
>
>
> That is even more disturbing, to be forced to run IIS to fix a bug in
> iMail??? What if I don't want IIS and it's own security
> shortcomings on the
> mail server?
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:IMail_Forum-owner@;list.ipswitch.com]On Behalf Of John Tolmachoff
> Sent: Wednesday, October 23, 2002 11:00 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] IWEBMSG: 'no action has been taken'
>
>
> I have seen mention on this forum before of a suggestion to run
> IIS on port
> 80 and set up a .asp page that does a redirect to the off port
> that you set
> for Imail. The thought behind this is IIS is much stronger to handle code
> red attacks and such.
>
> If you search the archives, I am sure you will be able to find it, or
> someone might post more information about that redirect.
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA 92835
> www.reliancesoft.com
>
>
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> ___________________________________________________________________
> Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
>
>
___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
